Slide 1: Jozef Goetz, 2009 (expanded by Jozef Goetz, 2008)
Credits: Parts of the slides are based on slides created by UNIX textbook authors Syed M. Sarwar, Robert Koretsky and Syed A. Sarwar, 2005, Addison Wesley. Copyright © 2005 Pearson Addison-Wesley. All rights reserved.

Slide 2: Objectives
(You may ignore the last slides, 19 – 22.)
- To show 3 protection and security mechanisms that UNIX provides
- To describe the types of users of a UNIX file
- To discuss the basic operations that can be performed on a UNIX file
- To explain the concept of file access permissions/privileges in UNIX
- To discuss how a user can determine access privileges for a file
- To describe how a user can set and change permissions for a file
- To cover the commands and primitives ?, ~, *, chmod, groups, ls -l, ls -ld, umask

Slide 3: Password-based Protection
All login names are public knowledge and can be found in the /etc/passwd file.
passwd -a contains info for users; each line (7 fields) is as follows:
    login_name:password:user_ID:group_ID:user_info:home_directory:login_shell
    ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin

Slide 4: Password-based Protection
Change your password using: passwd. Some systems: yppasswd, nispasswd.
3 ways of discovering a user's password:
1) You, as the owner of an account, inform others of your password
2) A password can be guessed by another user
3) A user's password can be extracted by "brute force"

Slide 5: Encryption-based Protection for files

Slide 6: Protection based on Access Permission - Types of users
Display all preconfigured user groups in the format: group name, info about the group, group ID, members of the group.
- user (owner) - to get it: whoami
- group
- others
- a user with multiple groups
The special user with access to all files and dirs is the superuser: login name is root, user ID = 0.
A user belongs to one group or many; the default group membership of a user is specified in /etc/passwd.
    [cs253u@shell cs253u]$ groups
    cs253u
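The two slides above describe the /etc/passwd record layout and the fact that user ID 0 is the superuser. The script below is an added example, not part of the slides: it reads passwd-format text, checks that each record has the 7 fields named on slide 3, and reports any account other than root with user ID 0 or an empty password field. The input is a constructed sample; the account names and IDs in it are made up.

```sh
#!/bin/sh
# Added example (not from the slides): read /etc/passwd-format records and run
# the checks a defender applies to them. A record has 7 colon-separated fields
# (login name, password, user ID, group ID, user info, home directory, login
# shell); on modern systems the password field holds "x" and the hash lives in
# /etc/shadow. Only "root" should carry user ID 0, and no account should have
# an empty password field. The input is a constructed sample, not a real file.

# Constructed /etc/passwd lines (names and IDs are made up for the example).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin
cs253u:x:1001:1001:CS253 student:/home/cs253u:/bin/bash
backdoor:x:0:0:ordinary-looking name, but UID 0:/home/backdoor:/bin/sh
guest::1002:1002:empty password field:/home/guest:/bin/sh
broken:x:1003:1003:only six fields:/home/broken'

# passwd_field RECORD N -> the Nth field (1..7) of one record.
passwd_field() {
    printf '%s\n' "$1" | cut -d: -f"$2"
}

# Read passwd-format text on stdin and print one line per finding:
#   FIELDS <name>  - a record that does not have exactly 7 fields
#   UID0 <name>    - an account other than root with user ID 0
#   NOPASS <name>  - an account whose password field is empty
# Returns 1 if anything was reported, 0 otherwise.
audit_passwd() {
    found=0
    while IFS= read -r line; do
        [ -z "$line" ] && continue
        name=${line%%:*}
        # 7 fields means exactly 6 colons (the gecos field may contain spaces)
        colons=$(( $(printf '%s' "$line" | tr -cd ':' | wc -c) ))
        if [ "$colons" -ne 6 ]; then
            printf 'FIELDS %s\n' "$name"; found=1
            continue
        fi
        pw=$(passwd_field "$line" 2)
        uid=$(passwd_field "$line" 3)
        if [ "$uid" = "0" ] && [ "$name" != "root" ]; then
            printf 'UID0 %s\n' "$name"; found=1
        fi
        if [ -z "$pw" ]; then
            printf 'NOPASS %s\n' "$name"; found=1
        fi
    done
    return $found
}

# Number of findings for the constructed sample.
count_findings() {
    printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd | wc -l | tr -d ' '
}

# Run it over the sample; the non-zero return status signals "problems found".
printf '%s\n' "$SAMPLE_PASSWD" | audit_passwd || echo "problems found"
```

On a real system the same audit is `audit_passwd < /etc/passwd`; because the password hashes live in /etc/shadow, an "x" in field 2 is normal, and only an empty field is a finding.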

Slide 7: Groups and Users cmds
    [cs253u@shell cs253u]$ whatis groups
    groups (1) - print the groups a user is in
    [cs253u@shell cs253u]$ groups
    cs253u
    -bash-2.05b$ groups cs253u15
    cs253u15 : cs253u
    [cs253u@shell cs253u]$ whatis users
    users (1) - print the user names of users currently logged in to the current host
    [cs253u@shell cs253u]$ users
    cs253u cs253u15 cs351b17 gchang

Slide 8: Protection based on Access Permission
Types of Access Permissions:
- read
- write (create, remove, modify)
- execute
Access Permissions for Directories: execute is the permission for searching a directory (e.g. by using ls -l) but not for reading or writing it.

Slide 9: Protection based on Access Permission

Slide 10: Determining and Changing File Access Privileges
Determining File Access Privileges: ls -l, ls -ld
    -d    list directory entries instead of contents
    -l    use a long listing format

Slide 11: Determining and Changing File Access Privileges
Determining File Access Privileges: ls -l, ls -ld

Slide 12: Determining and Changing File Access Privileges
    chmod [options] octal-mode file-list
    chmod [options] symbolic-mode file-list
chmod changes the permissions of each given file according to mode, which can be either a symbolic representation of changes to make, or an octal number representing the bit pattern for the new permissions.

Slide 13: Determining and Changing File Access Privileges
    chmod [options] octal-mode file-list
    chmod [options] symbolic-mode file-list
    // start with letter l through t

Slide 14: Examples of chmod Command

Slide 15: Determining and Changing File Access Privileges
    -R    recursively change files and directories

Slide 16: Access Privileges for Directories
- listing the directory contents needs r+x permissions
- creating a file in a directory needs w+x permissions
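Slides 8 to 16 explain the r/w/x bits, the octal form that chmod takes, and the two directory rules (r+x to list, w+x to create). The script below is an added example, not from the slides: it renders an octal mode as the nine permission characters ls -l shows and evaluates both directory rules for each user class with pure shell arithmetic, so it changes nothing on disk. The function names are my own.

```sh
#!/bin/sh
# Added example (not from the slides): render an octal mode the way ls -l
# shows it and apply the two directory rules from the slides: listing a
# directory's contents needs r+x, creating a file inside it needs w+x.
# Pure shell arithmetic; nothing on disk is touched.

# One octal digit (0-7) -> its rwx triplet.
triplet() {
    case "$1" in
        0) echo '---' ;; 1) echo '--x' ;; 2) echo '-w-' ;; 3) echo '-wx' ;;
        4) echo 'r--' ;; 5) echo 'r-x' ;; 6) echo 'rw-' ;; 7) echo 'rwx' ;;
        *) echo "bad octal digit: $1" >&2; return 1 ;;
    esac
}

# Permission digit of one class (u, g or o) from a three-digit octal mode.
class_digit() {
    case "$2" in
        u) echo "${1%??}" ;;                 # first digit
        g) mid=${1#?}; echo "${mid%?}" ;;    # middle digit
        o) echo "${1#??}" ;;                 # last digit
        *) echo "bad class: $2" >&2; return 1 ;;
    esac
}

# 755 -> rwxr-xr-x (the nine permission characters of an ls -l line)
mode_to_symbolic() {
    printf '%s%s%s\n' "$(triplet "$(class_digit "$1" u)")" \
                      "$(triplet "$(class_digit "$1" g)")" \
                      "$(triplet "$(class_digit "$1" o)")"
}

# True if class $2 holds every bit of $3 (r=4, w=2, x=1) under mode $1.
has_bits() {
    d=$(class_digit "$1" "$2")
    [ $(( d & $3 )) -eq "$3" ]
}

# The directory rules from the slides.
can_list_dir()      { has_bits "$1" "$2" 5; }   # r+x = 4+1
can_create_in_dir() { has_bits "$1" "$2" 3; }   # w+x = 2+1

# Summarise what each class may do with a directory of mode $1.
describe_dir() {
    for c in u g o; do
        l=no; w=no
        can_list_dir "$1" "$c" && l=yes
        can_create_in_dir "$1" "$c" && w=yes
        printf 'd%s  %s: list=%s create=%s\n' "$(mode_to_symbolic "$1")" "$c" "$l" "$w"
    done
}

describe_dir 755   # everyone may list, only the owner may create
describe_dir 730   # a "drop box": the group may create files but not list them
```

The 730 case is the interesting one: with w+x but no r, a group member can create a file in the directory yet cannot see what else is in it, which is exactly the split between searching and reading that slide 8 describes.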

Slide 17: umask mask - Default file access privileges
When a new file or directory is created, UNIX sets its access privileges based on the argument of the umask command.
Current value of the mask:
    $ umask
    022
The default access permission value for an executable file or directory is computed by:
    file access permission = 777 - mask
The default access permission value for text files is computed by:
    file access permission = 666 - mask
A commonly used default mask value is 022, so:
    access permission = 777 - 022 = 755 for .exe files and dirs
    access permission = 666 - 022 = 644 for text files

Slide 18: Default file access privileges
Give the answer about permissions if mask = 077, which is preferable by me.
The umask command is normally placed in the system startup file ~/.profile (System V UNIX) or the ~/.login file (in BSD UNIX), so it executes every time you log on to the system.
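Slide 17 states the umask rule as a subtraction and slide 18 asks what a mask of 077 gives. The script below is an added example, not from the slides: it computes the default mode the way the kernel does (the mask's bits are cleared from the base mode, i.e. base AND NOT mask), puts the slide's subtraction beside it for comparison, and then creates a scratch file and directory under a given mask to read the real result back from ls -ld. The function names are my own; the subtraction form agrees with the bitwise form for 022 but not for 077 on a text file.

```sh
#!/bin/sh
# Added example (not from the slides): compute the default permissions a umask
# produces. The slides give the rule as 777 - mask (executables, directories)
# and 666 - mask (text files); what the kernel really does is clear the mask's
# bits: base AND NOT mask. The two agree for 022 but differ for a mask such as
# 077 applied to a text file, which this script makes visible.

# default_mode BASE MASK -> three octal digits, e.g. default_mode 777 022 -> 755
default_mode() {
    # a leading 0 makes shell arithmetic read the digits as octal
    printf '%03o\n' $(( 0$1 & ~0$2 ))
}

default_dir_mode()  { default_mode 777 "$1"; }   # directories and executables
default_file_mode() { default_mode 666 "$1"; }   # plain text files

# The slide's subtraction, evaluated in octal, for comparison only.
subtract_mode() {
    printf '%03o\n' $(( 0$1 - 0$2 ))
}

# Create a file and a directory under mask $1 in a scratch directory and read
# back the modes that ls -ld reports (directory line first, then the file).
observe_umask() {
    tmp=$(mktemp -d) || return 1
    ( umask "$1"; : > "$tmp/f"; mkdir "$tmp/d" )
    ls -ld "$tmp/d" "$tmp/f" | cut -c1-10
    rm -rf "$tmp"
}

for mask in 022 077; do
    printf 'umask %s: dir %s, file %s (subtraction would give file %s)\n' \
        "$mask" "$(default_dir_mode "$mask")" "$(default_file_mode "$mask")" \
        "$(subtract_mode 666 "$mask")"
done
observe_umask 077
```

For 077 the bitwise rule gives 700 for directories and 600 for text files, which is why the mask is a sensible personal default: nothing created is readable by the group or by others. The octal subtraction 666 - 077 = 567 would wrongly suggest that others end up with r+w+x.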

Slide 19: Special Access Bits

Slide 20: Special Protection Access Bits - The Set-User-ID (SUID) Bit
If this bit is set for a file containing an executable program for a command, the command takes on the privileges of the owner of the file when it executes.
If a file is owned by 'root' and has its SUID bit set, it runs with superuser privileges even if the user running it doesn't have those privileges.
Since the cat command is root-owned, an ordinary user would run the command with root privileges if its SUID bit were set! This means that a user could display and/or copy anyone's files on this system!
    chmod 4xxx file-list   or   chmod u+s file-list
    [cs253u@shell cs253u]$ chmod 4700 my
    [cs253u@shell cs253u]$ ls -l my
    -rws------ 1 cs253u cs253u 24 Feb 23 00:50 my
    [cs253u@shell cs253u]$ chmod u-s my
    [cs253u@shell cs253u]$ ls -l my
    -rwx------ 1 cs253u cs253u 24 Feb 23 00:50 my

Slide 21: Special Protection Access Bits - The Set-Group-ID (SGID) Bit
Causes the access permission of the process to take the group identity of the group to which the owner of the file belongs.
    chmod 2xxx file-list   or   chmod g+s file-list
    [cs253u@shell cs253u]$ ls -l my
    -rwx------ 1 cs253u cs253u 24 Feb 23 00:50 my
    [cs253u@shell cs253u]$ chmod 2700 my
    [cs253u@shell cs253u]$ ls -l my
    -rwx--S--- 1 cs253u cs253u 24 Feb 23 00:50 my
    [cs253u@shell cs253u]$ chmod g-s my
    [cs253u@shell cs253u]$ ls -l my
    -rwx------ 1 cs253u cs253u 24 Feb 23 00:50 my

Slide 22: Special Protection Access Bits - The Sticky Bit
Goal: to keep file(s) in memory or the swap area.
It can be set for a directory to ensure that an unprivileged user cannot remove, move to the disk or rename files of other users in that directory.
    chmod 1xxx file-list   or   chmod +t file-list
    [cs253u@shell cs253u]$ ls -ld me
    drwx------ 2 cs253u cs253u 19 Feb 22 21:55 me
    [cs253u@shell cs253u]$ chmod +t me
    [cs253u@shell cs253u]$ ls -ld me
    drwx-----T 2 cs253u cs253u 19 Feb 22 21:55 me
    [cs253u@shell cs253u]$ chmod 700 me
    [cs253u@shell cs253u]$ ls -ld me
    drwx------ 2 cs253u cs253u 19 Feb 22 21:55 me
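Slides 20 to 22 show how the SUID, SGID and sticky bits appear in ls -l output: s or t in an execute position, with upper-case S or T (as in -rwx--S--- and drwx-----T above) when the special bit is set but execute is not. The script below is an added example, not from the slides: it decodes that 10-character mode field back into the four-digit octal form that chmod accepts, and then scans a constructed ls -l listing for entries with SUID or SGID set, which is the audit a defender runs to account for every privileged binary. The listing and the function names are my own.

```sh
#!/bin/sh
# Added example (not from the slides): decode the 10-character mode field that
# ls -l prints (e.g. -rws------) into a four-digit octal mode. In the three
# execute positions, s/S stand for SUID (user) and SGID (group) and t/T for the
# sticky bit; lower case means execute is also set, upper case (as in
# -rwx--S--- and drwx-----T on the slides) means the special bit is set
# without execute. A second function scans a constructed listing for SUID/SGID
# entries.

# "-rws------" -> "4700", "drwx-----T" -> "1700", "-rw-r--r--" -> "0644"
symbolic_to_octal() {
    chars=${1#?}                 # drop the type character (-, d, l, ...)
    special=0; perms=0; pos=0
    while [ -n "$chars" ] && [ $pos -lt 9 ]; do
        c=${chars%"${chars#?}"}; chars=${chars#?}   # pop the first character
        bit=$(( 4 >> (pos % 3) ))                  # r=4, w=2, x=1 in a triplet
        shift_by=$(( 3 * (2 - pos / 3) ))          # u<<6, g<<3, o<<0
        cls=$(( 4 >> (pos / 3) ))                  # SUID=4, SGID=2, sticky=1
        case "$c" in
            r|w|x|s|t) perms=$(( perms | (bit << shift_by) )) ;;
        esac
        case "$c" in
            s|S|t|T) special=$(( special | cls )) ;;
        esac
        pos=$(( pos + 1 ))
    done
    printf '%d%03o\n' "$special" "$perms"
}

# Constructed ls -l output (not from a real system).
SAMPLE_LS='-rwsr-xr-x 1 root   root   54256 Feb 23 00:50 passwd
-rwx------ 1 cs253u cs253u    24 Feb 23 00:50 my
-rwx--S--- 1 cs253u cs253u    24 Feb 23 00:50 my2
drwxrwxrwt 9 root   root    4096 Feb 23 00:50 tmp
-rwsr-xr-x 1 cs253u cs253u    24 Feb 23 00:50 oops'

# Print "<octal> <owner> <name>" for every entry with SUID or SGID set.
# Sticky-only entries such as tmp have first digit 1 and are skipped.
find_special() {
    while read -r mode links owner group rest; do
        [ -z "$mode" ] && continue
        oct=$(symbolic_to_octal "$mode")
        case "$oct" in
            [2-7]???) printf '%s %s %s\n' "$oct" "$owner" "${rest##* }" ;;
        esac
    done
}

printf '%s\n' "$SAMPLE_LS" | find_special
```

In the sample, the root-owned passwd binary is an expected SUID entry, while a user-owned SUID file like oops is the kind of finding worth following up; comparing such a list against a known baseline is a common check for this class of privilege problem.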

